Lucene search
K

1479 matches found

Vulnrichment
Vulnrichment
added 2026/03/24 11:27 a.m.3 views

CVE-2019-25641 Netartmedia Vlog System Lastest SQL Injection via email Parameter

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...

8.8CVSS6AI score0.00267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27375

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten password module to...

8.8CVSS6AI score0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...

8.8CVSS0.00341EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12403

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/16 11:2 a.m.30 views

CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/03/16 11:2 a.m.18 views

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/13 1:18 a.m.4 views

CVE-2026-22193 wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions()

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.6 views

CVE-2026-22193

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References4
CVE
CVE
added 2026/03/13 1:18 a.m.20 views

CVE-2026-22193

wpDiscuz plugin (before version 7.6.47) contains an SQL injection in getAllSubscriptions caused by improper quote escaping for parameters email, activation_key, subscription_date, and imported_from. This allows altering queries and potentially exfiltrating sensitive data. CVSS metrics indicate hi...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25139

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.7 views

EUVD-2019-19815

Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19833

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19823

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...

8.8CVSS5.9AI score0.00254EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.5 views

EUVD-2019-19819

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...

8.8CVSS5.9AI score0.00254EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.5 views

EUVD-2019-19814

Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.10 views

EUVD-2019-19813

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authenticatio...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25537

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...

8.8CVSS0.00254EPSS
Exploits0References2
NVD
NVD
added 2026/03/12 4:16 p.m.8 views

CVE-2019-25531

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authenticatio...

8.8CVSS0.00304EPSS
Exploits0References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25532

Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...

8.8CVSS0.00318EPSS
Exploits0References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25533

Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...

8.8CVSS0.00304EPSS
Exploits0References2
Rows per page
Query Builder